{"id":20268489,"url":"https://github.com/infisical/infisical_core_deployment","last_synced_at":"2026-03-07T17:02:54.400Z","repository":{"id":247233473,"uuid":"824384032","full_name":"Infisical/infisical_core_deployment","owner":"Infisical","description":null,"archived":false,"fork":false,"pushed_at":"2024-07-18T07:07:20.000Z","size":24,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-26T07:18:08.301Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Infisical.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-05T02:52:35.000Z","updated_at":"2024-08-09T06:49:10.000Z","dependencies_parsed_at":"2024-07-18T08:11:13.361Z","dependency_job_id":null,"html_url":"https://github.com/Infisical/infisical_core_deployment","commit_stats":null,"previous_names":["infisical/infisical-deployment-collections","infisical/infisical_deployment","infisical/ansible-role-infisical_deployment","infisical/infisical_core_deployment","infisical/infisical-core-deployment"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical_core_deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical_core_deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical_core_deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Infisical%2Finfisical_core_deployment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Infisical","download_url":"https://codeload.github.com/Infisical/infisical_core_deployment/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241746795,"owners_count":20013165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T12:18:33.533Z","updated_at":"2026-03-07T17:02:54.338Z","avatar_url":"https://github.com/Infisical.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Infisical Deployment Ansible Role\n\nThis Ansible role automates the deployment of Infisical, along with its required PostgreSQL database and Redis cache. It provides a flexible setup for installing and configuring these components across multiple hosts. This role doesn't come with HA (high availability). An HA deployment role will be released soon.\n\n## Installation\nTo install the Infisical Deployment Ansible role, run the following command:\n\n```bash\n$ ansible-galaxy install infisical.infisical_deployment\n```\nThis command will download and install the role from Ansible Galaxy, making it available for use in your Ansible projects.\n\n\n## Usage\n\n1. Clone this role into your Ansible roles directory.\n2. Create your playbook (e.g., `playbook.yml`) and inventory file (e.g., `inventory.ini`). You can find examples for the playbook.yml and inventory.ini further down in the README.\n3. Run the playbook:\n\n```bash\n$ ansible-playbook -i inventory.ini playbook.yml\n```\n\n\n## Requirements\n\n- Ansible 2.9 or higher\n- Target machines running a Debian-based Linux distribution (e.g., Ubuntu)\n- SSH access to the target machines\n- Sudo privileges on the target machines\n\n## Role Variables\n\nThe role uses several variables to customize the deployment. Here are the main variables you can configure:\n\n### General Variables\n\n- `install_postgres`: Set to `true` to install and configure PostgreSQL (default: `false`)\n- `install_redis`: Set to `true` to install and configure Redis (default: `false`)\n- `install_infisical`: Set to `true` to install and configure Infisical (default: `false`)\n\n### PostgreSQL Variables\n\n- `db_user_username`: PostgreSQL user username\n- `db_user_password`: PostgreSQL user password\n- `db_name`: Name of the database to create\n- `allowed_ip_addresses`: List of IP addresses allowed to connect to PostgreSQL\n\n### Redis Variables\n\n- `redis_username`: Redis username\n- `redis_password`: Redis password\n\n### Infisical Variables\n\n- `env_vars`: A dictionary of environment variables to set for Infisical\n\nIMPORTANT: The `DB_CONNECTION_URI` and `REDIS_URL` variables will automatically be set if you specified postgres_server and redis_server hosts.\n\nIf you wish to use your own redis server or postgres server, you can specify the `DB_CONNECTION_URI` and `REDIS_URL` in the `env_vars`.\n\n`ENCRYPTION_KEY` and `AUTH_SECRET` is automatically generated if they're not passed as a part of the `env_vars`.\n\n## Example Playbook\n\nHere's an example playbook that demonstrates how to use this role:\n\n```yaml\n---\n- hosts: postgres_server\n  vars:\n    ansible_user: ssh_username\n    ansible_password: your_ssh_password\n    ansible_become_password: your_sudo_password\n  roles:\n    - role: infisical_deploy\n      vars:\n        install_postgres: true\n        allowed_ip_addresses:\n          - \"YOUR_LOCAL_IP\"\n          - \"YOUR_INFISICAL_INSTANCE_IP\"\n        db_user_username: your_db_user\n        db_user_password: your_db_password\n        db_name: your_db_name\n\n- hosts: redis_server\n  vars:\n    ansible_user: ssh_username\n    ansible_password: your_ssh_password\n    ansible_become_password: your_sudo_password\n  roles:\n    - role: infisical_deploy\n      vars:\n        install_redis: true\n        redis_username: \"your_redis_user\"\n        redis_password: \"your_redis_password\"\n\n- hosts: infisical_instance\n  vars:\n    ansible_user: ssh_username\n    ansible_password: your_ssh_password\n    ansible_become_password: your_sudo_password\n  roles:\n    - role: infisical_deploy\n      vars:\n        install_infisical: true\n        env_vars:\n          TEST_VAR: \"TEST_VALUE\"\n          TEST_VAR_2: \"OTHER_VALUE\"\n```\n\n## Inventory Example\n\nHere's an example inventory file (`inventory.ini`) to use with this role:\n\n```ini\n[postgres_server]\nYOUR_POSTGRES_SERVER_IP\n\n[redis_server]\nYOUR_REDIS_IP\n\n[infisical_instance]\nYOUR_INFISICAL_INSTANCE_IP # This is where Infisical will run on!\n```\n\n## Notes\n\n- This role installs and configures HAProxy on the Infisical instance to handle incoming traffic.\n- The role automatically generates and manages encryption keys and authentication secrets for Infisical.\n- PostgreSQL and Redis connection URIs are automatically shared between hosts.\n- Firewall rules are configured to allow necessary incoming connections.\n\n## Security Considerations\n\n- Ensure that you're using strong, unique passwords for all components (PostgreSQL, Redis, SSH).\n- Review and adjust the `allowed_ip_addresses` for PostgreSQL to limit access as needed.\n- Consider using Ansible Vault to encrypt sensitive variables in your playbook.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfisical%2Finfisical_core_deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Finfisical%2Finfisical_core_deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Finfisical%2Finfisical_core_deployment/lists"}